Has anyone else noticed a huge spike in the number of connections
dropped due to "too many syntax or protocol errors" lately? I've been
seeing a tonne of them in the past couple weeks.
Here's a sampling:
2007-01-22 23:31:12 SMTP call from (cacs.com.au) [189.2.25.19] dropped:
too many syntax or protocol errors (last command was "MAIL
FROM:<lehi@???>")
2007-01-22 23:33:16 SMTP call from
55.red-80-39-228.dynamicip.rima-tde.net (canberrafm.com.au)
[80.39.228.55] dropped: too many syntax or protocol errors (last command
was "MAIL FROM:<halber@???>")
2007-01-22 23:38:02 SMTP call from (fantasyworks.com) [58.230.213.77]
dropped: too many syntax or protocol errors (last command was "MAIL
FROM:<glas@???>")
I suspect some new spammer botnet has come on line recently, and I
wonder if this might be at all connected to Jason Meers' recent posting
about web searches for exim exploits.
http://www.exim.org/mail-archives/exim-users/Week-of-Mon-20070115/msg00096.html
- Marc